VACL (VLAN Access-list)

VACLs can provide access control for all packets that are bridged within a VLAN or that are routed into or out of a VLAN or a WAN interface for VACL capture. Unlike regular Cisco IOS standard or extended ACLs, which are configured on router interfaces only and are applied to routed packets only, VACLs apply to all packets and can be applied to any VLAN or WAN interface. VACLs are processed in hardware. VACLs use Cisco IOS ACLs; any Cisco IOS ACL fields that are not supported in hardware are ignored.

Here is an example of implementing a VACL. First, define the standard access-list that identifies the source addresses to be forwarded:

(config)# ip access-list standard 11
(config-std-nacl)# permit 172.120.40.0 0.0.0.255

Then, define sequence 10 of the access-map myaccess, which matches access-list 11 and forwards the packets that list permits:

(config)# vlan access-map myaccess 10
(config-access-map)# match ip address 11
(config-access-map)# action forward

Next, add sequence 20 with no match clause, so every packet that did not match sequence 10 is dropped:

(config)# vlan access-map myaccess 20
(config-access-map)# action drop

Finally, apply the access-map to VLANs 7 through 9:

(config)# vlan filter myaccess vlan-list 7-9
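As an added illustration (not from the original page and not Cisco code), the Python below models how the access-map above is evaluated: the standard ACL uses an IOS wildcard mask (a 1 bit means "don't care"), sequences are tried in ascending order, a sequence whose ACL does not permit the packet is skipped, and a sequence without a match clause matches everything. It also counts how many addresses a wildcard admits, which is a quick way to catch a mistyped mask such as 0.0.0.25 in place of 0.0.0.255. The wildcard is assumed to be 0.0.0.255 (the /24 mask) and the sample source addresses are constructed.

```python
"""Model of VLAN access-map evaluation for the 'myaccess' example.

Added illustration, not Cisco code: it reproduces the IOS semantics
relevant to the VACL above so its effect can be checked offline.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


def to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """IOS wildcard mask: a 1 bit is 'don't care', a 0 bit must match."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(network) & care)


def address_count(wildcard: str) -> int:
    """Number of addresses a wildcard admits: 2 ** (number of 1 bits).
    0.0.0.255 admits 256; a mistyped 0.0.0.25 admits only 8."""
    return 2 ** bin(to_int(wildcard)).count("1")


@dataclass
class StandardAcl:
    """Entries of 'ip access-list standard': (action, network, wildcard)."""
    entries: List[Tuple[str, str, str]]

    def permits(self, src: str) -> bool:
        for action, network, wildcard in self.entries:
            if wildcard_match(src, network, wildcard):
                return action == "permit"
        return False  # every IOS ACL ends with an implicit deny


@dataclass
class MapSequence:
    """One 'vlan access-map NAME SEQ' block."""
    seq: int
    action: str                              # "forward" or "drop"
    match_acl: Optional[StandardAcl] = None  # None: no match clause, matches all


def evaluate(access_map: List[MapSequence], src: str) -> Optional[str]:
    """Return the action of the first sequence the packet matches.

    A packet matches a sequence when that sequence's ACL permits it; an ACL
    deny (explicit or implicit) means "not this sequence, try the next".
    Returns None only if no sequence matches, which the map below never
    reaches because sequence 20 has no match clause.
    """
    for seq in sorted(access_map, key=lambda s: s.seq):
        if seq.match_acl is None or seq.match_acl.permits(src):
            return seq.action
    return None


# The access-list and access-map from the page (wildcard assumed to be
# 0.0.0.255, the /24 mask).
ACL_11 = StandardAcl([("permit", "172.120.40.0", "0.0.0.255")])
MYACCESS = [
    MapSequence(10, "forward", ACL_11),  # match ip address 11 / action forward
    MapSequence(20, "drop"),             # no match clause / action drop
]

# Constructed sample source addresses (not from the page).
SAMPLE_SOURCES = ["172.120.40.2", "172.120.40.200", "172.120.41.2", "10.0.0.1"]


def classify(sources=SAMPLE_SOURCES) -> dict:
    """Map each sample source to the action the VACL would take on it."""
    return {src: evaluate(MYACCESS, src) for src in sources}


if __name__ == "__main__":
    for src, action in classify().items():
        print(f"{src:>16} -> {action}")
    print("addresses admitted by 0.0.0.255:", address_count("0.0.0.255"))
    print("addresses admitted by 0.0.0.25: ", address_count("0.0.0.25"))
```

Only sources inside 172.120.40.0/24 reach the forward action; everything else falls through to sequence 20 and is dropped. Running address_count on a wildcard before committing a VACL shows at a glance whether the mask admits the range intended.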
